  • In short: no. Any piece of software that implements SSH (library (e.g. Python’s paramiko), client application (e.g. PuTTY), server application (e.g. OpenSSH Server), etc.) is potentially vulnerable.

    In medium: It affects any application or library that implements the SSH protocol and offers either the ChaCha20-Poly1305 encryption algorithm, or a chained block cipher (CBC) encryption algorithm paired with a MAC algorithm that uses Encrypt-then-MAC (EtM). An example of the latter would be a connection using aes256-cbc as the encryption algorithm combined with the hmac-sha2-256-etm@openssh.com MAC algorithm.

    If you’re using OpenSSH, you can see the list of available encryption and MAC algorithms with ssh -Q cipher and ssh -Q mac respectively.

    Sample output:

    $ ssh -Q cipher
    3des-cbc
    aes128-cbc
    aes192-cbc
    aes256-cbc
    aes128-ctr
    aes192-ctr
    aes256-ctr
    aes128-gcm@openssh.com
    aes256-gcm@openssh.com
    chacha20-poly1305@openssh.com
    
    $ ssh -Q mac
    hmac-sha1
    hmac-sha1-96
    hmac-sha2-256
    hmac-sha2-512
    hmac-md5
    hmac-md5-96
    umac-64@openssh.com
    umac-128@openssh.com
    hmac-sha1-etm@openssh.com
    hmac-sha1-96-etm@openssh.com
    hmac-sha2-256-etm@openssh.com
    hmac-sha2-512-etm@openssh.com
    hmac-md5-etm@openssh.com
    hmac-md5-96-etm@openssh.com
    umac-64-etm@openssh.com
    umac-128-etm@openssh.com
    

    More info: There are 3 CVEs associated with Terrapin: the first, CVE-2023-48795, regards the general flaw in the SSH protocol.

    The other two (CVE-2023-46445 and CVE-2023-46446) are specifically for the AsyncSSH library which, due to implementation details, has additional vulnerabilities that can be exploited on top of those made available by CVE-2023-48795.
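Added example, not part of the comment above: a shell function that applies the two criteria from the comment (ChaCha20-Poly1305, or a CBC cipher paired with an EtM MAC) to algorithm lists in the format printed by ssh -Q cipher and ssh -Q mac. The function name terrapin_modes and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# terrapin_modes CIPHERS MACS
# CIPHERS and MACS are newline- or comma-separated algorithm names.
# Prints one line per mode matching the criteria in the comment:
#   - chacha20-poly1305 (on its own, whatever MAC is listed)
#   - any *-cbc cipher combined with any *-etm@... MAC
# Prints nothing when no listed algorithm matches.
terrapin_modes() {
    ciphers=$(printf '%s\n' "$1" | tr ',' '\n')
    macs=$(printf '%s\n' "$2" | tr ',' '\n')
    # Keep only Encrypt-then-MAC variants; "|| true" tolerates zero matches.
    etm_macs=$(printf '%s\n' "$macs" | grep -- '-etm@' || true)
    for c in $ciphers; do
        case $c in
            chacha20-poly1305*)
                printf '%s\n' "$c" ;;
            *-cbc*)
                for m in $etm_macs; do
                    printf '%s + %s\n' "$c" "$m"
                done ;;
        esac
    done
    return 0
}

# Constructed sample lists (a subset of the names shown in the output above).
sample_ciphers="aes256-cbc
aes256-ctr
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com"
sample_macs="hmac-sha2-256
hmac-sha2-256-etm@openssh.com
umac-128-etm@openssh.com"

echo "Modes matching the Terrapin criteria in the sample lists:"
terrapin_modes "$sample_ciphers" "$sample_macs"

# Against a local OpenSSH client, pass the real lists instead:
#   terrapin_modes "$(ssh -Q cipher)" "$(ssh -Q mac)"
```

Note that ssh -Q lists what the binary supports, not what a given connection negotiates, so a match means the mode is available rather than in use.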